Azure VNet – Point to Site VPN

Difficulty Level:    

In this article, I’ll walk through how to enable Point-to-Site VPN connection from your local machine to Azure VNet.

Enable Point-to-Site VPN connection (P2S VNP Connection)

Access to Azure Portal > select Networks from left menu > select your existing Virtual Network (in this tutorial I use nguyens-cloud-vnet network) > access to Configure tab. If you don’t have any VNet, you can follow Azure VNet – Step-by-Step to create your own Virtual Network to create new one.

Select Configure point-to-site connectivity in point-to-site connectivity area. You need to define the address space which will be allocated to your local machine when it connects to VNet.


Save the pending change and back to Dashboard tab to see the status.


Create root and client certificates

P2S VPN Connection required a certificate, you can use the existing one or can create your own certification by using Visual Studio 20xx command prompt.


The following script help to create root and client certificate that be installed on all machines that will access the P2S connection.

Import root certificate to Azure VNet

Open an MMC (Microsoft Management Console) > Click File and select Add/Remove Snap-in .. > Click Certificates.


Click Add > Keep select My user account > Click on Finish.


Expand Certificates – Current User > Expand the Personal folder > Select Certificates folder > Right-click on the root certificate you created > Select All Tasks > Select Export…


Select No, do not export the private key option.


Then keep the default DER encoded binary (.CER) selected and click Next then save it to your selected folder.

Select your VNet and access to Certificates tab > click on Upload button > browse to the folder created when export root certificate above > Upload certificate to Azure VNet.


Install client certificate to your machines

Similar with root certificate but you need to choose Yes, export the primary key option.


Make sure Personal Information Exchange is selected and that Include all certificates in the certification path if possible is selected > Specify the password for your certificate > Specify the directory to export.


Copy the certificate to respective machines. Right-click on the client certificate and select Install PFX to install it.

Connect to VNet with P2S Connection

The connection now is available now.


Azure provides the Client VNP Package which help to create P2S VPN Connection in your machines.


After install Client VPN Package, you can find and connect to VPN from Networks list.


Click on Connect to establish connection to your VNet.


And here’s our result


Son Nguyen

Son Nguyen

Son Nguyen is a Cloud Consultant working for FPT Software’s Cloud Innovation team. With deep knowledge in AWS and MS Azure, Son acts as a cloud consultant in various areas, ranging from assessment to architecture design, supporting customers from Japan, EU to US.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *